
Data Protection Act

Data Protection Act. What is the Data Protection Act?

shanta

Presentation Transcript


  1. Data Protection Act

  2. What is the Data Protection Act?

     The Data Protection Act 1998 is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the EU Data Protection Directive of 1995, which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data.

     In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves.

  3. Data Protection Principles:
     • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:
       • at least one of the conditions in Schedule 2 is met, and
       • in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
     • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
     • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
     • Personal data shall be accurate and, where necessary, kept up to date.
     • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
     • About the rights of individuals, e.g. you have the right to have data about you removed.
     • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
     • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

  4. Offences:
     • The Act details a number of civil and criminal offences for which data controllers may be liable if a data controller has failed to gain appropriate consent from a data subject. However, 'consent' is not specifically defined in the Act; consent is therefore a common law matter.
     • Section 21: This section makes it an offence to process personal information without registration or to fail to comply with the notification regulations.
     • Section 55: Unlawful obtaining of personal data. This section makes it an offence for people (Other Parties), such as hackers and impersonators, outside the organisation to obtain unauthorised access to the personal data.
     • Section 56: This section makes it a criminal offence to require an individual to make a Subject Access Request relating to cautions or convictions for the purposes of recruitment, continued employment, or the provision of services. This was brought into effect by the Data Protection Act 1998 (Commencement No. 2) Order 2008.

  5. Data Subject:

     The rights of data subjects

     People whose personal data is stored are called data subjects. The DPA sets up rights for people who have data kept about them. You need to know these rights for the exam. They are:
     • A Right of Subject Access: A data subject has a right to be supplied by a data controller with the personal data held about him or her. The data controller can charge for this (usually around £10).
     • A Right of Correction: A data subject may force a data controller to correct any mistakes in the data held about them.
     • A Right to Prevent Distress: A data subject may prevent the use of information if it would be likely to cause them distress.
     • A Right to Prevent Direct Marketing: A data subject may stop their data being used in attempts to sell them things (e.g. by junk mail or cold calling).
     • A Right to Prevent Automatic Decisions: A data subject may specify that they do not want a data user to make "automated" decisions about them where, through points scoring, a computer decides on, for example, a loan application.
     • A Right of Complaint to the Information Commissioner: A data subject can ask for the use of their personal data to be reviewed by the Information Commissioner, who can enforce a ruling using the DPA. The Commissioner may inspect a controller's computers to help in the investigation.
     • A Right to Compensation: The data subject is entitled to use the law to get compensation for damage caused ("damages") if personal data about them is inaccurate, lost, or disclosed.

  6. Data Controller:
     • The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

  7. Information Commissioner:

     Registration with the Information Commissioner
     • Any organisation or person who needs to store personal information must apply to register with the Information Commissioner.
     • Data controllers must declare what information will be stored and how it will be used in advance. This is recorded in the register.
     • Each entry in the register contains:
       • The data controller's name and address.
       • A description of the information to be stored.
       • What they are going to use the information for.
       • Whether the data controller plans to pass on the information to other people or organisations.
       • Whether the data controller will transfer the information outside the UK.
       • Details of how the data controller will keep the information safe and secure.
